8/22/2021

Fuzzing Tool For Mac Os X

94
Latest version
  1. Fuzzing Tool For Mac Os X 10.7
  2. Fuzzing Tool For Mac Os X 10.11
  3. Fuzzing Tool For Mac Os X 10.13

Released:

A coverage-guided fuzzer for Python and Python extensions.

See the Supporting Multiple SDKs docs for more information on the MACOSXVERSIONMAXALLOWED macro. Keep these three things in mind: Copy only what you need. Wrap your declaration in MACOSXVERSIONMAXALLOWED checks so that, if an SDK is used that already contains these declarations, your declaration does not conflict with the declaration in the SDK.

Project description

Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based off of libFuzzer. When fuzzing native code, Atheris can be used in combination with Address Sanitizer or Undefined Behavior Sanitizer to catch extra bugs.

A smart fuzzer for x86 executables. In Proceedings of the 3 rd International Workshop on Software Engineering for Secure Systems, 2007. Google Scholar Digital Library; J. Mac OS X and IOS Internals: To the Apple's Core. Google Scholar Digital Library; NIST. In this paper we propose LynxFuzzer, a framework to test kernel extensions, i.e., the dynamically loadable com- ponents of Mac OS X kernel. Mac OS X is an operating system developed by Apple and currently adopted on Apple computers. Among its many components, the Kernel contains one that is particularly rel-evant for our work: the IOKit. IOKit is a a collection of system frameworks, libraries, tools, and other resources for creating device drivers in OS X' 5. It o ers an object ori. . Statistical data from passive fuzz. Accessible user client, non-root, non-sandbox, crash frequencies, crash types(UAF, OOB). Contact API in lower level to bypass unnecessary checks (if possible). Resolve Mac-O format, find symbol, hard-code offset.

Installation Instructions

Atheris supports Linux (32- and 64-bit) and Mac OS X.

Linux

Atheris relies on libFuzzer, which is distributed with Clang. If you have a sufficiently new version of clang on your path, installation is as simple as:

If you don't have clang installed or it's too old, you'll need to download and build the latest version of LLVM. Follow the instructions in Installing Against New LLVM below.

Mac

Atheris relies on libFuzzer, which is distributed with Clang. However, Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM from head. Follow the instructions in Installing Against New LLVM below.

Installing Against New LLVM

Using Atheris

Example:

Atheris supports fuzzing Python code, and uses Python code coverage information for this purpose.

Fuzzing Python Code

While Atheris supports Python 2.7 and Python 3.3+, its Python code coverage support is significantly better when used with Python 3.8+, as it supports opcode-by-opcode coverage. If fuzzing Python code, we strongly recommend using Python 3.8+ where possible.

When fuzzing Python, Atheris will report a failure if the Python code under test throws an uncaught exception.

Be sure to pass enable_python_coverage=True as an argument to Setup(). You can additionally pass enable_python_opcode_coverage=[True/False] to turn on and off opcode coverage. Opcode coverage is typically beneficial, but may provide more performance impact than benefit on large Python projects. This option defaults to True on Python 3.8+, or False otherwise.

Opcode coverage must be enabled to support features like intelligent string comparison fuzzing for Python code.

Fuzzing Native Extensions

In order for native fuzzing to be effective, such native extensions must be built with Clang, using the argument -fsanitize=fuzzer-no-link. They should be built with the same clang as was used when building Atheris.

The mechanics of building with Clang depend on your native extension. However, if your library is built with setuptools (e.g. pip and setup.py), the following is often sufficient:

When fuzzing a native extension, you must LD_PRELOAD the atheris dynamic library. Otherwise, you will receive an error such as undefined symbol: __sancov_lowest_stack. Atheris provides a feature to do this: you can find the atheris dynamic library with the following command:

Then, run Python with LD_PRELOAD:

If fuzzing a native extension without a significant Python component, you'll get better performance by specifying enable_python_coverage=False as an argument to Setup().

Using Sanitizers

We strongly recommend using a Clang sanitizer, such as -fsanitize=address, when fuzzing native extensions. However, there are complexities involved in doing this; see using_sanitizers.md for details.

API

Main Interface

FuzzingForFuzzing tool for mac os x 10.7

The atheris module provides two key functions: Setup() and Fuzz().

Fuzzing Tool For Mac Os X 10.7

In your source file, define a fuzzer entry point function, and pass it to atheris.Setup(), along with the fuzzer's arguments (typically sys.argv). Finally, call atheris.Fuzz() to start fuzzing. Here's an example:

Configure the Atheris Python Fuzzer. You must call atheris.Setup() before atheris.Fuzz().

Args:

  • args: A list of strings: the process arguments to pass to the fuzzer, typically sys.argv. This argument list may be modified in-place, to remove arguments consumed by the fuzzer.
  • test_one_input: your fuzzer's entry point. Must take a single bytes argument (str in Python 2). This will be repeatedly invoked with a single bytes container.

Optional Args:

  • enable_python_coverage: boolean. Controls whether to collect coverage information on Python code. Defaults to True. If fuzzing a native extension with minimal Python code, set to False for a performance increase.
  • enable_python_opcode_coverage: boolean. Controls whether to collect Python opcode trace events. You typically want this enabled. Defaults to True on Python 3.8+, and False otherwise. Ignored if enable_python_coverage=False, or if using a version of Python prior to 3.8.

This starts the fuzzer. You must have called Setup() before calling this function. This function does not return.

FuzzedDataProvider

Often, a bytes object is not convenient input to your code being fuzzed. Similar to libFuzzer, we provide a FuzzedDataProvider to translate these bytes into other input forms.

You can construct the FuzzedDataProvider with:

The FuzzedDataProvider then supports the following functions:

Consume count bytes.

Consume unicode characters. Might contain surrogate pair characters, which according to the specification are invalid in this situation. However, many core software tools (e.g. Windows file paths) support them, so other software often needs to too.

Consume unicode characters, but never generate surrogate pair characters.

Alias for ConsumeBytes in Python 2, or ConsumeUnicode in Python 3.

Consume a signed integer of the specified size (when written in two's complement notation).

Consume an unsigned integer of the specified size.

Consume an integer in the range [min, max].

Consume a list of count integers of size bytes.

Consume a list of count integers in the range [min, max].

Consume an arbitrary floating-point value. Might produce weird values like NaN and Inf.

Consume an arbitrary numeric floating-point value; never produces a special type like NaN or Inf.

Consume a floating-point value in the range [0, 1].

Consume a floating-point value in the range [min, max].

Consume a list of count arbitrary floating-point values. Might produce weird values like NaN and Inf.

Consume a list of count arbitrary numeric floating-point values; never produces special types like NaN or Inf.

Consume a list of count floats in the range [0, 1].

Consume a list of count floats in the range [min, max]

Given a list, pick a random value

Consume either True or False.

Use with Hypothesis

The Hypothesis library for property-based testingis also useful for writing fuzz harnesses. As well as a great library of 'strategies'which describe the inputs to generate, using Hypothesis makes it trivial to reproducefailures found by the fuzzer - including automatically finding a minimal reproducinginput. For example:

See here for more details,or here for what you can generate.

Release historyRelease notifications RSS feed

1.0.7

Across arrow. Arrows in Unicode. There are more than 600 arrows in Unicode. They have different functions and play different roles. They can be used to indicate directions, to define logical flows ⇏ or for visual reference of arrow-keys →. Arrow appereance can be absolutly different: arrows can be wavy ↝, zigzag ↯, heavy, different directed ⥄, circle ⭮, double-headed, feathered or ribbon.

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for atheris, version 1.0.7
Filename, sizeFile typePython versionUpload dateHashes
Filename, size atheris-1.0.7.tar.gz (16.9 MB) File type Source Python version None Upload dateHashes
Fuzzing Tool For Mac Os XClose

Hashes for atheris-1.0.7.tar.gz

Hashes for atheris-1.0.7.tar.gz
AlgorithmHash digest
SHA2568681e821b8c7fd4110a4bfb0f93315e62d57b816a75d496b0eb27b82ab688aad
MD54aa3a07ebda874a8031fe6f4aff1f5cc
BLAKE2-256cd276a4b46ed7315a51b7f6be2659e08c0d3bdbdc01b1675bfc92d719e1b6e92

The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms.

Fuzzing Tool For Mac Os X 10.11

BFF performs mutational fuzzing on software that consumes file input. It automatically collects test cases that cause software to crash in unique ways, as well as debugging information associated with the crashes.

The goal of BFF is to minimize the effort required for software vendors and security researchers to efficiently discover and analyze security vulnerabilities found via fuzzing.

Traditionally fuzzing has been very effective at finding security vulnerabilities, but because of its inherently stochastic nature results can be highly dependent on the initial configuration of the fuzzing system. BFF applies machine learning and evolutionary computing techniques to minimize the amount of manual configuration required to initiate and complete an effective fuzzing campaign.

BFF adjusts its configuration parameters based on what it finds (or does not find) over the course of a fuzzing campaign. By doing so it can dramatically increase both the efficacy and efficiency of the campaign. As a result, expert knowledge is not required to configure an effective fuzz campaign, and novices and experts alike can start finding and analyzing vulnerabilities very quickly.

Some of the specific features BFF offers are:

Fuzzing Tool For Mac Os X 10.13

  • Minimal initial configuration is required to start a fuzzing campaign
  • Minimal supervision of the fuzzing campaign is required, as BFF can automatically recover from many common problems that can interrupt fuzzing campaigns
  • Uniqueness determination through intelligent backtrace analysis
  • Automated test case minimization reduces the effort required to analyze results by distilling the test case to the minimal changes to the input data required to induce a specific crash
  • Online machine learning applied to fuzzing parameter and input file selection to improve the efficacy of the campaign
  • Distributed fuzzing support
  • Crash severity / exploitability triage.